This application claims priority to U.S. Patent Application No. 12/781,585, entitled "Methods of Registering Apparatus", filed on May 17, 2010.
The content of the above-mentioned patent application is expressly incorporated by reference into the detailed description herein.
Detailed description
It should be understood at the outset that, although illustrative implementations of one or more embodiments of the present disclosure are provided below, the disclosed systems and/or methods may be implemented using any technique, whether currently known or in existence. The disclosure should in no way be limited to the illustrative implementations, drawings and techniques described below (including the exemplary designs and implementations illustrated and described herein), but may be modified within the full scope of the appended claims and their equivalents.
The process set out in the FCC rules does not include any means of authenticating the TV band device (TVBD) or the database, or of ensuring the privacy of operator information. Without such an authentication process, the registration, channel assignment and coordination processes are open to abuse by users or may cause interference. The embodiments described herein provide simple, low-cost methods and apparatus that facilitate TVBD and database authentication. These techniques do not require specialized hardware in the TVBD, and they provide privacy protection for the TVBD's location and business information. Although the embodiments disclosed herein are described in the context of authenticating TVBDs and their associated databases, it should be understood that these descriptions are only examples. The disclosed methods and apparatus can be applied to other components and in other circumstances.
By way of background, a description is now provided of the scenario in which the FCC requires TVBDs to register with and query a TV white space (TVWS) database. Although this description is specific to the FCC rules, other jurisdictions (for example, EU, OFCOM) have similar requirements for database access for white space channel assignment, and the embodiments herein can also be applied in those environments.
The registration and channel assignment process outlined by the FCC is shown in Fig. 1. The figure shows the relationships among the regulator ("FCC") 102, the TVWS database manager 104, the TVBD manufacturer 106, the TVBD installer 108 and the TVBD owner/operator 110. The purpose of the process is to give the TVBD 112 a TVWS channel assignment that is coordinated with the primary use of the TV band by local broadcast (and broadcast auxiliary) services.
The FCC 102 regulates the TVWS channels 114 and provides a process for device certification 116 through its test laboratories and procedures. Management of the TVWS channels is delegated to a number of TVWS database managers (line 2) 104. Although only one TVWS database manager 104 is shown in Fig. 1, multiple TVWS database managers may be assumed. The TVWS database manager 104 is responsible for maintaining, in the TVBD repository 118, a record of the TVBDs 112, their channel usage and their locations. The database manager 104 also maintains a TV channel database 120, which indicates the availability of white space channels at each location. The dashed line X in Fig. 1 indicates that the functions of the repository 118 and the database 120 are delegated to the database manager 104, and that the FCC 102 can access the information in the database manager's files. The database manager 104 also needs to share aspects of its information with other database managers. The dashed line Y indicates that the channel database 120 may also contain information relevant to channel availability, including information provided from FCC records (for example, cable head-end receiver locations) and information from other database managers.
When the TVBD manufacturer 106 develops a TVBD 112, the device 112 is certified as compliant with the applicable FCC rules (for example, through testing by an FCC laboratory) (line 1). When this certification is achieved, the manufacturer 106 receives an FCC device ID number 122 for the product (line 1a). The FCC 102 maintains its own file (FCC database 124) of certified devices 112, their manufacturers 106 and their FCC ID numbers 122. The FCC device ID number 122 is a device type identifier, not a serial number identifying each individual device. Each device 112 with an FCC ID number 122 also has its own unique serial number.
When a TVBD 112 has been sold, the TVBD installer 108 registers the device 112 with the TVWS database 120 using the FCC device ID number 122 and the location 126 of the TVWS device (its place of installation). The TVWS database manager 104 stores the device information (the FCC ID number 122, the location 126 and details of the device owner 110) in the TVBD repository 118 (line 3). When a mobile TVBD 112 is registered or a fixed TVBD 112 is operated, the information that the FCC 102 requires to be entered in the database repository 118 includes the device's FCC ID number 122, serial number and location 126. For a fixed-location device 112, the additional information to be provided includes the name of the individual or business responsible for the device, the name of a contact person responsible for the device's operation, the address of that contact person, the e-mail address of that contact person and the telephone number of that contact person.
When the TVBD owner/operator 110 (who may also be the installer 108) wants to communicate using a TVWS channel 114, the owner/operator 110 contacts the TVWS database manager 104 (referencing the device's current location 126) and queries the channels available at that device location 126 (line 4). The response from the TV channel database 120 of the TVWS database manager may list the available TVWS channels 114 (line 4a). In some locations, no TVWS channel 114 may be available. The device 112 may select one of the available channels 114 as its TVWS channel assignment 128 (line 5). The list of available channels 114 may also be received by the TVBD 112 at registration, but the TVBD 112 needs to keep in periodic contact with the TV channel database 120 in order to be notified of any change in channel availability for its location.
The FCC 102 may appoint more than one database manager 104 (also referred to herein as a "registrar"). A manager 104 may provide its services separately or in cooperation with other managers 104. The database manager 104 and the registrar may be the same entity, or may be independent. Multiple database managers 104 share information about registrations with one another. A database manager 104 may also include in its database 120 other systems operating in the TV band (such as TV cable head-end locations and other broadcast auxiliary services, e.g., wireless microphones). Including these types of systems in the database 120 protects their operation by ensuring that TVBD operation is excluded from their local area.
The FCC rules permit TVWS database managers 104 to charge for registration and for queries to their databases 120 for available channels. Some TVWS database managers 104 can be expected to conduct their business by charging, with the charges levied for registration with their databases 120 and for queries to check which channels are available. Registration of each TVBD 112 is required upon its first deployment. For a fixed TVBD 112, a channel database query is required at installation/power-up and periodically (for example, every 24 hours) thereafter. A mobile device 112 must also register with a database registrar/manager 104 at power-up, and must check channel availability each time it changes location or at a maximum interval of 24 hours.
Because of the regulatory requirements, it is desirable to have a process by which the devices that interact with a database, and the database managers, can be protected against spoofing, particularly when fees may be involved in each database registration and query interaction. A TVBD may need to verify that it is registering with and querying a valid database manager, and a database manager may need to verify that it is registering and interacting only with certified TVBDs (and other certified database managers) and that it can collect its fees. In addition, particularly for mobile devices that may change location frequently, it may be desirable to keep query charges to a minimum, and it may be desirable for fees to be assigned to the correct TVBD or account. When the interaction between a device and a database manager takes place over the Internet, fees may be charged in error, it may be possible to create "masquerading" managers, and it may be possible to create "cloned" devices that gain access to TVWS channels by having the fees charged to other devices. Some TVBD users and some regulatory domains may also be concerned about the privacy of the location and business information associated with their TVBDs.
Although many security methods are used on the Internet, it is desirable for the security method used by TVBDs to have a very low cost, because they compete in a market where alternative bands may have no database manager and may not charge fees. For example, a TVBD should not be required to implement complex, computationally intensive cryptographic processes, or to engage in complex protocol interactions with the database manager. Because TVBDs are numerous and low-cost (for example, millions of devices sold per year), it is impractical for the database manager to keep a separate key for each device, and it is also impractical to pre-arrange a shared secret between the database manager and the TVBD.
For example, common Internet security methods generally have two stages. One stage establishes a secure ("secret") link between the two ends of the connection. The second stage authenticates the end device (for example, verifies its identity). These stages may be independent; that is, some methods may not establish a secure link, and some combine the secure link and the authentication process. In a typical Internet exchange, a secure link is established and the device is then authenticated using an exchange of a username and password. Authenticating TVBDs with usernames and passwords is undesirable, because it requires a pre-arranged username and password to be established for each individual device, which is impractical for millions of low-cost devices.
Other Internet protocols (e.g., Extensible Authentication Protocol Transport Layer Security (EAP-TLS)) make use of public key cryptography, in which each device has a unique public/private key pair. For device authentication, however, the database manager needs to know the public key of each device. This is typically accomplished with a trusted authority (a "certificate authority") that holds all the public keys and can provide a certified copy of a key to a database manager wishing to authenticate a TVBD. Undesirably, however, this involves the expense and complexity of another database, and it also requires the TVBD to be capable of performing complex public key cryptographic processes.
In addition, using the authentication techniques employed by some mobile telephone systems (for example, subscriber identity module (SIM) cards) is also impractical. Such a system requires each individual mobile telephone account to be pre-registered with the service provider (or network operator), and only that provider can verify the identity of the device. Some protocols (for example, EAP-SIM and EAP-AKA) can be used to enable the authenticity of a mobile device to be confirmed for outside parties, and these could be used to authenticate TVBDs that are also mobile network devices. However, it is impractical for every TVBD also to maintain a mobile network subscription. General Internet and mobile network security protocols are therefore not themselves suited to simple, low-cost mutual authentication between TVBDs and database managers.
Although the concept of database managers providing their services free of charge has been discussed (which would minimize the need for security processes for TVBDs), this practice is unlikely because of the real costs involved in managing a TVWS registration and device database as specified in regulations such as the FCC's. Even if database queries were free, applicable communication charges would still exist.
In addition to these security concerns, TVBDs may need to be able to register automatically after they are sold (that is, they may not be pre-registered). TVBDs may also need to change their registration when they move to a new location, when a new database manager is assigned, or when commercial arrangements evolve.
It would be advantageous to have a method that provides security between TVBDs and database managers without requiring additional cryptographic processes in the TVBD, and without requiring secrets (for example, keys) to be distributed and maintained between the devices and the database manager, key authority or security server. The method should protect against masqueraders posing as (fee-collecting) database managers, and should prevent device identities from being cloned to avoid paying channel database access fees. Advantageously, the method accommodates changes of ownership and commercial arrangements for device owners and database managers, and provides protection from general Internet scams and denial-of-service attacks. Also advantageously, the registration and TVWS database query processes protect the privacy of the TVBD's location and contact information.
The embodiments disclosed herein address these problems with the aim of minimizing costs for TVBD operators, manufacturers and database operators. For example, the embodiments do not require the database manager to keep a list of TVBD keys. Nor do they require the TVBD to have any knowledge of the keys or cryptographic processes associated with its certificate. The methods and apparatus provided in these embodiments offer a sophisticated means of securing device registration and database queries that is easy to implement, inexpensive and sufficiently secure, ensures the privacy of user information, is resistant to attack, and can adapt to changes in processes, regulations and commercial arrangements.
Although these embodiments are described herein in the context of interaction with a database manager for opportunistic spectrum assignments such as TVWS, they can be used in other applications, such as location-based services (or other network services), in which it is desired that the device and the server authenticate each other and that the information transmitted by the device be protected, without the need to pre-arrange a common secret known to each device and the server. These embodiments can also be applied to any scenario in which a database manager assists in allocating radio resources (for example, channels and timing) to mobile devices, as may occur in licensed, cross-licensed or unlicensed allocations. These embodiments ensure that the device receives authorization information from the database manager, so that it can legitimately operate its radio equipment in accordance with the information received. This ensures secure and interference-free operation of the device.
The present embodiments provide methods and apparatus for devices to interact with an administrative database. The embodiments use cryptographic techniques, employing public/private key combinations to achieve mutual authentication of the device and the database, and provide privacy protection for the information supplied to the administrative database repository. Privacy protection can be used, for example, to ensure that device location and business details are protected. In an embodiment, the device includes storage for keys and business information and processing means for interacting with the database manager. The embodiments do not require the device to be pre-registered with the manager, or a secret to be set up and shared between the device and the database manager. The embodiments establish full authentication between the device and the database manager using a single message and response, and therefore have a very low cost of implementation and operation while minimizing signalling overhead.
The present embodiments provide security for the TVBD and the database manager by using a certificate installed in the TVBD by the manufacturer as part of the manufacturing process. The certificate is created using the public/private key pairs of the manufacturer, the regulator and one or more database managers. The verification process makes use of the cryptographic capability embedded in the TVBD for communication, so that no special apparatus or process is needed to secure database interaction. Privacy of location information is provided by levels of location information protected with separate keys.
The present embodiments achieve secure communication between the TVBD and the database manager with only a single query message and a single response message. There is no need to exchange a series of messages to establish authenticity. This is advantageous compared with existing authentication methods, which may require multiple challenge/response exchanges to establish a secure channel and authenticity.
In summary, a manufacturer's certificate is included in the TVBD at about the time of manufacture, so that the database manager and the TVBD can authenticate each other. When the TVBD sends a registration message or a TVWS channel query message to the database manager, the TVBD includes the certificate in the message. The database manager uses a private key to extract information from the certificate, and uses that information to verify the authenticity of the TVBD. The database manager then uses a key included in the certificate to encrypt the message returned to the TVBD. The message returned to the TVBD may contain information about the TVWS channels available in the vicinity of the TVBD. If the TVBD successfully decrypts this message, the authenticity of the database manager is verified. Private information about the TVBD remains encrypted and is unavailable to the database manager. However, this private information can be made available to the regulator through the use of a regulator certificate. Although these features are described herein as being used in combination with one another, it should be understood that each of these features can be used independently.
Details of these embodiments will now be provided. In an embodiment, at about the time of manufacture the manufacturer installs in the TVBD a certificate that includes a device key unique to each device. Note that the word "certificate" as used here differs somewhat in meaning and structure from the "certificate" used in common security protocols. Like a typical certificate, the certificate disclosed herein is an exchangeable object that enables verification of a communicating node. However, the structure of the certificate disclosed herein also includes a number of information fields whose use and verification differ from the standardized (signed) hash certificates of other communication protocols. The certificate disclosed herein comprises a number of unique elements discussed in detail below.
The manufacturer's certificate is encrypted, and in some cases signed, using the manufacturer's private key. The manufacturer's corresponding public key is made publicly available. For example, the public key may be published on the manufacturer's website, whose address may be obtained from the FCC's website or from the database manager's information repository. In an alternative embodiment, the manufacturer's public key may be issued through a certificate authority owned/managed by the regulator. In other alternative embodiments, there may be a separate manufacturer public key for each of the manufacturer's products (for example, for each FCC ID) or product groups. Such an arrangement protects the security of the manufacturer's private key. Note that the TVBD itself should not provide the reference to the public key, because the verifier of a certificate should obtain the public key of the certificate's signer independently, to avoid a key falsely referenced by a forger.
To protect against cloned certificates or fraudulent managers, the certificate protects information that can be used to authenticate the TVBD and the database manager. The certificate includes a field containing a TVBD unique communication key encrypted with the public key of the database manager. This encrypted field may optionally also contain additional private information, such as a TVBD account reference. When registering with or querying the database, the TVBD presents its certificate to the database manager.
On receiving the certificate, the database manager, or any other recipient of the certificate, can use the manufacturer's public key to decrypt the certificate and thereby perform an initial authentication of it. The database manager can also verify the checksum and confirm that the FCC ID and device identity match the database. If a match is found, the database manager considers the TVBD legitimate. The database manager also uses its private key to decrypt the TVBD unique communication key field and obtain the TVBD unique communication key. The database manager then uses this TVBD unique communication key, with a cryptographic process supported by the device (for example, the Advanced Encryption Standard (AES)), to encrypt messages to the device.
The TVBD uses the TVBD unique communication key, together with the native encryption process (for example, AES) that it already has as part of its equipment for encrypting its user communication traffic, to decrypt the encrypted message from the database manager. The algorithms supported by the TVBD are reported as part of the certificate, so that the database manager knows which encryption process to use (for example, in a "cipher type" field encrypted with the manager's public key). In some cases, the database manager and the TVBD may use the communication key to establish a new session key for this communication session, or one that is stored and used for future communications.
Fig. 2 shows an embodiment of the general structure of a manufacturer's certificate. The manufacturer's certificate 200 is created by encryption 202 of the information fields with the manufacturer's private key 204. A registration or query message sent to the database manager includes this certificate 200 and other device information (for example, the FCC ID number 122, the TVBD identification number 206, the TVBD class 208 and the database manager ID 210).
Fig. 3 shows an alternative embodiment in which the certificate uses a signing process. In this configuration, the manufacturer's key 204 is used to "sign" 302 the device information (for example, the FCC ID number 122, the TVBD identification number 206, the TVBD class 208, the database manager ID 210 and the encrypted communication key and account 304). A number of standard processes exist for such signing, any of which is suitable for the present embodiments. Typically, the signature 306 is created by using the manufacturer's private key 204 to encrypt a field created by hashing the device information. The certificate of Fig. 3 is shorter than the device information, whereas the certificate of Fig. 2 and the device information have substantially the same length.
The message sent to the database manager in Fig. 3 includes the signed certificate and the other device information (for example, the FCC ID number 122, the TVBD serial number 206, the TVBD class 208, the database manager ID 210 and the encrypted communication key and account 304), as shown in the top row of the figure. This configuration has the advantage that, compared with the full encryption technique, the communication message is significantly shorter in length (for example, about two-thirds). It has the further advantage that no checksum field is needed in the certificate, because the encryption of the message hash provides protection against transmission errors and ensures that the correct key has been applied.
These features protect the TVBD and the database manager against cloned or copied certificates, and ensure that the TVBD is communicating with an authorized database. Cloned certificates are prevented because a cloned certificate cannot be created unless the "cloner" knows the manufacturer's private key. Only the manufacturer can make a certificate. The certificate is computed at the factory and installed in the device, so the TVBD does not need to be capable of public key cryptographic processes or to know the manufacturer's private key. A spoofing device cannot use the certificate of a legitimate device, because it does not know the unique communication key, which is hidden in the certificate and can be decrypted only by the intended database manager.
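As an added illustration (not code from the patent), the Python sketch below walks the Fig. 3 signed-certificate flow end to end: factory creation of the certificate, the manager's verification and key recovery, and the single sealed reply that authenticates the manager to the TVBD. Textbook RSA over Mersenne primes and a SHA-256 keystream with an HMAC tag stand in for the public-key and AES operations; every identifier, field name, key size and sample value is an assumption constructed for the example.

```python
import hashlib
import hmac
import secrets

E = 65537  # public exponent shared by every toy key pair below


def toy_keypair(p_exp, q_exp):
    """Textbook RSA over two Mersenne primes; trivially factorable, illustration only."""
    p, q = 2**p_exp - 1, 2**q_exp - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # (public modulus n, private exponent d)


MFR_N, MFR_D = toy_keypair(521, 607)       # manufacturer; MFR_D never leaves the factory
MGR_N, MGR_D = toy_keypair(1279, 2203)     # database manager named in the certificate
FAKE_N, FAKE_D = toy_keypair(2281, 3217)   # a masquerading manager's own key pair

# Manager's trust store: the manufacturer public key is looked up by FCC ID and was
# obtained out of band; it is never taken from the TVBD's message.
TRUSTED_MFR = {"FCCID-EXAMPLE": MFR_N}     # constructed FCC ID
SIGNED_FIELDS = ("fcc_id", "device_id", "tvbd_class", "manager_id", "enc_key")


def digest(msg):
    """Hash the signed device-information fields, each length-prefixed."""
    h = hashlib.sha256()
    for name in SIGNED_FIELDS:
        part = str(msg[name]).encode()
        h.update(len(part).to_bytes(4, "big") + part)
    return int.from_bytes(h.digest(), "big")


def _xor_stream(key, nonce, data):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))


def seal(key, plaintext):
    """Stand-in for the device's AES: keystream encryption plus an HMAC tag."""
    nonce = secrets.token_bytes(16)
    body = nonce + _xor_stream(key, nonce, plaintext)
    return body + hmac.new(key, body, hashlib.sha256).digest()


def unseal(key, blob):
    """Return the plaintext, or None when the blob was not sealed under `key`."""
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        return None
    return _xor_stream(key, body[:16], body[16:])


def make_certificate(fcc_id, device_id, tvbd_class, manager_id, account):
    """Factory step: returns (message the TVBD will send, key stored in the TVBD)."""
    comm_key = secrets.token_bytes(16)                  # unique per device (constructed size)
    inner = comm_key + account.encode()
    blob = b"\x01" + inner + hashlib.sha256(inner).digest()[:4]  # checksum travels inside
    msg = {"fcc_id": fcc_id, "device_id": device_id, "tvbd_class": tvbd_class,
           "manager_id": manager_id,
           "enc_key": pow(int.from_bytes(blob, "big"), E, MGR_N)}  # manager public key
    msg["signature"] = pow(digest(msg), MFR_D, MFR_N)   # manufacturer private key
    return msg, comm_key


def manager_answer(msg, channels, mgr_n=MGR_N, mgr_d=MGR_D):
    """Manager step: verify the certificate, recover the key, seal the single reply."""
    mfr_n = TRUSTED_MFR.get(msg["fcc_id"])
    if mfr_n is None or pow(msg["signature"], E, mfr_n) != digest(msg):
        return None                                     # unknown maker or altered fields
    m = pow(msg["enc_key"], mgr_d, mgr_n)
    raw = m.to_bytes((m.bit_length() + 7) // 8, "big")
    inner, check = raw[1:-4], raw[-4:]
    if raw[:1] != b"\x01" or len(inner) < 16 or hashlib.sha256(inner).digest()[:4] != check:
        return None                                     # wrong private key: checksum fails
    return seal(inner[:16], channels)


if __name__ == "__main__":
    msg, comm_key = make_certificate("FCCID-EXAMPLE", "SN-0001", "fixed", "MGR-1", "ACCT-42")
    reply = manager_answer(msg, b"available channels: 21, 27, 39")
    print("TVBD reads reply:", unseal(comm_key, reply))
    print("replaying device without the key:", unseal(secrets.token_bytes(16), reply))
    print("altered device ID accepted:", manager_answer(dict(msg, device_id="SN-9999"), b"x"))
    print("masquerading manager's reply:", manager_answer(msg, b"x", FAKE_N, FAKE_D))
```

A device that replays a captured certificate still receives a reply, but cannot read it without the communication key held in the legitimate TVBD; a masquerading manager can check the public signature but fails the inner checksum because it lacks the named manager's private key.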
Figs. 2 and 3 show the certificate 200 and the signature 306 being created using the manufacturer's "private" key 204. In an embodiment, these private keys 204 are one half of an asymmetric private/public key pair. In these configurations (commonly referred to as public key cryptography), encryption is performed with the private key 204 known only to the manufacturer, but decryption is performed with the publicly known public key. This process establishes that the certificate was created by the manufacturer, which is the only entity that knows the private key 204.
The certificate creation methods disclosed herein are equally effective using "symmetric private" keys. In this configuration, the certificate is encrypted with a private key known only to the manufacturer and the database manager. Such keys have the advantage that the cryptographic processes are generally less expensive to perform, but the disadvantage that the certificate can be verified only by holders of the manufacturer's private key. Furthermore, because the key is known to both the manufacturer and the database manager, this technique is more vulnerable to security threats.
As used herein, the term "key" may refer to either part of a private/public key pair, to the combination of the two parts of a private/public key pair, or to the sender's key, the recipient's key or both the sender's and recipient's keys of a private/private (symmetric) key system. For example, if a public key cryptography method is used, encryption may be performed with the private key and decryption with the public key, or vice versa. In that case, the term "key" as used herein may refer to the private key, the public key or the combination of the private and public keys. If a private key (symmetric) encryption method is used, a private key is used for both encryption and decryption. In that case, the term "key" as used herein may refer to one or both of the private keys.
To create the certificate 200 that is to be installed in a device, the manufacturer selects a unique communication key 212. This is typically an integer of a length (for example, 512 bits) suitable for the cipher type 214 (for example, AES) supported by the TVBD. The manufacturer may optionally also include additional information, such as an account number 216 (or account reference) to be used for billing. For example, the account number 216 may be used by the database manager to bill access fees and to select the services and features subscribed for the device. A checksum field 218 may also be provided, so that the receiver can verify that the communication key and account fields of the certificate have been decrypted correctly.
The checksum 218 may be created using any suitable method (such as a simple sum and/or a hash function of the elements of the certificate). As described below, the checksum 218 is provided so that the receiving entity can quickly determine whether the correct key was used for decryption, and thereby confirm that the key 212 and account information 216 have been decoded correctly. The length of the key 212 may vary by TVBD, region or country, and the cipher type field 214 may contain information about the key length and cipher type. In some embodiments, the cipher type, key length or checksum process is implied by the manufacturer and identification code. That is, this information may be predefined for all devices having the same manufacturer FCC ID. However, these are preferably encoded as part of the cipher type field 214, so that they can be changed when new processes or operational requirements demand.
The combination of the cipher type 214, the TVBD unique communication key 212, the account reference 216 (if present) and the checksum 218 is then encrypted 220 using the registrar/manager public key 222. The certificate is then assembled from the FCC ID number 122, the device identification number 206, the TVBD class 208, the database manager ID 210, the encrypted communication key 304 and, in the case of Fig. 2, the checksum 224. The checksum 224 may be created using any suitable method (for example, a simple sum and/or a hash function of the elements of the certificate 200) and may be provided as part of the certificate 200, so that the receiver can readily determine whether the certificate 200 has been decrypted successfully. The TVBD class 208 indicates the class of the TVBD as outlined by the regulator (for example, the FCC).
In the context of Fig. 3, the combination of the FCC ID number 122, the identification number 206, the TVBD class 208, the encrypted communication key 304 and the checksum 224 is then authenticated or "signed" 302 using the manufacturer's private key 204. This authenticated sequence becomes the manufacturer's certificate that is installed in the TVBD at manufacture (for example, recorded in the TVBD manufacturer's certificate database 404, as will be described with reference to Fig. 4). The manufacturer also installs the TVBD unique communication key 212 in the device (for example, the key 212 is recorded in the protected memory 406 of the TVBD controller, as will be described with reference to Fig. 4).
The database manager ID 210 can be used to support the operation of multiple database managers. In one alternative, the database manager ID 210 may indicate the identity of the registrar/manager that holds the private key corresponding to the public key (registrar public key 222) used to encrypt the TVBD unique communication key 212 and the account number 216. In an embodiment, each registrar/database manager has its own public/private key pair. When the TVBD is manufactured, the manufacturer makes a commercial arrangement with a database manager and installs in the TVBD a manufacturer's certificate 200 that carries the database manager ID 210 and is encoded using the public key 222 of that registrar/manager.
The TVBD may also be configured with the address 426 of the registrar/manager, as will be described with reference to Fig. 4. During registration or a database query, the message can be sent to the manager address 426 and can be decrypted by the manager that receives it. In an embodiment, the address 426 (although unique) is the address of a suitable proxy service that can redirect the message to the registrar/database manager in the event that commercial relationships change after manufacture.
In other embodiments, the registration/database query may be sent to any registrar/database manager, which can then forward the message to the appropriate registrar/manager based on the database manager ID 210 included in the manufacturer's certificate 200.
Although multiple database managers could be operated by having them all use the same public/private key pair, this is not desirable, because a leak of the public/private key pair would compromise the security of all TVBDs and all managers. In embodiments where multiple jurisdictions may exist (such as across international borders), the TVBD may be provided with multiple manufacturer's certificates usable in each jurisdiction. The device can use its knowledge of its location to select which certificate and address to use to contact the registrar/database manager appropriate to the TVBD's location. Alternatively, the TVBD can ask the local registrar/manager which certificate it should submit.
If the commercial arrangement between the manufacturer and the database manager changes after the TVBD has been manufactured and loaded with a certificate pointing to a database manager, a new database manager acting as a proxy for the original manager can install a new certificate and communication key in the TVBD, directing future queries to the new database manager. The new certificate and key can be installed per individual device, per product type, or per some other grouping of devices. The new certificate can be installed at any time. For example, all devices that register after the change of ownership relationship can have their new certificate installed as part of the database manager registration process.
During registration or a TVWS database query, the TVBD sends its certificate (together with the device's FCC ID, identification number and database manager ID) to the logger or database manager to establish the authenticity of the TVBD. As shown in Figs. 2 and 3, the TVBD's unique communication key 212 is used to encrypt the TVBD's location and business information (for example, owner and contact name). The validity of the certificate 200 is confirmed either by decrypting the certificate 200 with the manufacturer public key, as shown in Fig. 2, or by verifying the signature 306, as shown in Fig. 3. The database manager uses the device's FCC ID number 122, which points to the manufacturer and the associated public key, to determine the public key needed to verify the certificate 200 or the signature 306.
The receiver can determine that the certificate 200 was decrypted correctly if, after decryption, the checksum 224 is correct and, as shown in Fig. 2, the FCC ID number 122 and TVBD identification number 206 match the FCC ID number 122 and TVBD identification number 206 sent by the TVBD, or if the signature 306 is verified as shown in Fig. 3. If the FCC ID number 122 and TVBD identification number 206 do not match, the receiver (that is, the database manager or logger) can infer that the certificate 200 is invalid. Alternatively, there may have been an error in transmission. The logger or database manager can then ask the TVBD to resend the request and the certificate 200.
If the certificate 200 proves valid, the logger or database manager can recover the encrypted communication key 212 and account information 216 by decrypting those fields with the logger private key. If the checksum 224 is valid after decryption, the fields can be presumed valid. If the checksum 224 does not match, the certificate 200 may be invalid or there may have been an error in transmission, and the logger or database manager can ask the TVBD to resend the request and the certificate 200. In this way, although the checksum 224 is not strictly necessary, its use provides a quick and easy way to verify that the correct key 212 was used and that decryption succeeded.
Once the certificate 200 has been verified and the communication key 212 recovered, the logger can use the communication key 212 to decrypt the other fields of the message that indicate the device's rough position. For example, the most significant digits of the position can be decrypted. The logger can place this information in its store of registered TVBDs. At this point the authenticity of the TVBD has not been fully established, because a registration message overheard earlier could have been replayed by another (spoofing) TVBD. However, a device that replays a registration message will not have the real device's unique communication key 212, and so will be unable to use the channel or other information that the manager sends in response to the registration or query. In this way, the impact of a replay attack is limited to a forged registration or database query. As described below, the device's coordinates are encrypted with the device's unique communication key 212, so a spoofing device that replays a query or registration message cannot obtain a database response for its own position, because it cannot submit its own coordinates as part of the replayed query.
Once the TVBD is registered, the logger can send the TVBD a message confirming successful registration. The message to the TVBD is encrypted using the cipher type 214 indicated in the fields of the decrypted certificate and the TVBD unique communication key 212. This message can include information that the TVBD has been registered and, if requested, a list of the channels available at the TVBD's position.
If the TVBD receives a response from the logger and can decrypt it successfully using its communication key 212, it knows that it has registered with a valid database, and it can be informed of the available TVWS channels.
Fig. 4 shows components that may be present in a TVBD so that the TVBD can carry out the embodiments described herein. Components that may be included in the TVBD are: a TVBD depositor/database interactive processor 402, a memory area 404 for the manufacturer certificate, and a communication key memory 406. Optionally, additional certificates and/or keys can be stored by the manufacturer or the logger/database manager in an additional certificate memory 408 and/or an additional key memory 410. In addition to the previously existing communication interface 412, these elements can include the associated antenna 414 for a wireless connection, a wired connection 416, a cryptographic processing device 418, location information 420, TVBD memory 422 and other elements 424 of the TVBD. The TVBD also stores its FCC ID number 122, its identification number 206, and the address 426 of the logger/database manager or proxy.
In some embodiments, the manufacturer certificate memory 404, communication key memory 406, additional certificate memory 408 and additional key memory 410 can be part of the permanent general TVBD memory 422 in the TVBD. Similarly, the TVBD depositor/database interactive processor 402 can be implemented as a set of functions on the control processor that otherwise operates the TVBD (for example, application code running on the control processor of the TVBD). The TVBD depositor/database interactive processor 402 can be connected to the communication interface 412, the TVBD memory 422, the cryptographic processing device 418 and the other elements 424 of the TVBD. The processor 402 obtains the manufacturer certificate so that it can form part of a message sent to the logger/database manager. It also obtains the communication key from memory 406 and uses it, together with the cryptographic processing element 418, to encrypt and decrypt the content of messages sent to and received from the logger/database manager through the communication interface 412. It also obtains the FCC ID number 122, the identification number 206 and the address 426 of the logger/database manager, which likewise become part of the message content. The processor 402 can also receive additional certificates, keys and/or updates for later communication, verify them, and store them in the additional certificate memory 408 and/or additional key memory 410. The processor 402 can also obtain the location information 420 from other elements of the TVBD and encrypt it with the communication key and the cryptographic processing device 418 for transmission to the logger/database manager. It also receives messages from the database manager, decrypts them with the communication key and, if they contain TVWS channel assignments, informs the other elements of the TVBD of the permitted channels.
Some TVBD users may be concerned that the information required by the FCC, such as device, owner and location information, becomes part of a large database operated by another entity. Since this information only needs to be visible when an interference problem is to be resolved by the regulator (for example, the FCC or its designee), it is advantageous to encrypt it so that only the regulator can unlock it. As briefly discussed, confidentiality can be achieved by encrypting the TVBD's position coordinates and registration information with the TVBD's communication key. This protects knowledge of the TVBD's position and business information from eavesdroppers on the communication path, and the encryption assures the TVBD that only an authorized logger/database manager can receive the TVBD's location information, because that information is protected by the logger private key and the TVBD communication key. However, some users may worry about a database manager that holds the position and ownership information of all devices, because this can be regarded as sensitive commercial information. Indeed, some jurisdictions have legal requirements to protect privacy and prevent abuse of such information.
In an embodiment, to protect the privacy of registration and location information, the manufacturer can install in the device a regulator certificate similar to the manufacturer certificate described previously. The regulator certificate can be used to verify the identity of the TVBD to the regulator (the FCC) and to convey the regulator communication key to the regulator, so that the regulator can decrypt the TVBD's position and business information.
The complete TVBD location information can be made available to the FCC while remaining inaccessible to the database manager by dividing the location information into two parts. For TVWS channel assignment, the resolution required for the TVBD's position can be limited to a few hundred meters, whereas a TV coverage area can be tens of kilometers in extent. In an embodiment, the privacy of the TVBD's position is preserved by accessing the position/channel database using only the most significant part of the TVBD's position coordinates. For example, the least significant digits of the location information (the "position fine part") are encrypted with an encryption key that only the regulator (for example, the FCC) can access, namely the TVBD's unique regulator communication key. In other words, the rough position of the TVBD is encrypted using only the database manager public key, while the more detailed position of the TVBD within that general position is encrypted using the regulator communication key. The database manager will see only the rough position, and the database store will contain an encrypted version of the detailed position protected by the regulator communication key.
The registration information required by the FCC can also be encrypted with the regulator communication key. The detailed position, the business ownership details and the regulator certificate supplied by the device can be stored in the database but, because of the encryption, will not be readable by the database manager. However, if an interference problem arises, the (encrypted) detailed positions of all devices in the general area of concern, together with their regulator certificates, are passed to the regulator (or the regulator's designated agent), who can decrypt this information (using the regulator private key to obtain each TVBD's regulator communication key), determine the exact positions, and use the ownership and registration information to resolve the problem.
Fig. 5 shows an embodiment of the regulator certificate. Using the certificate 500, the regulator can access the protected information in the database for an individual TVBD. In an embodiment, when an interference problem (or other need) arises, the database manager sends the regulator certificate 500 and the other device database information to the regulator. The regulator can then verify the certificate 500 by decrypting it with the manufacturer public key, and then decrypt the TVBD's unique regulator communication key 502 (using the regulator private key). The TVBD's unique regulator communication key 502 can then be used to decrypt the TVBD's detailed location information and business information. These details can be used to help eliminate the interference or other operational problem.
The configuration of Fig. 5 shows a certificate 500 that is formed by encrypting device information and is similar to the certificate 200 of Fig. 2. An alternative arrangement using a signature process similar to that of Fig. 3 can be used to shorten messages and reduce the storage requirement for the regulator certificate 500.
In an embodiment, during registration or a database query, the TVBD transmits its regulator certificate 500 as described above together with its manufacturer certificate. The business information is encrypted with the TVBD unique communication key and sent to the logger/database manager. The location information is sent in two parts. The most significant part of the position is sent encrypted only with the TVBD unique communication key, while the least significant part is additionally encrypted with the TVBD's unique regulator communication key 502. (Sending the complete encrypted location information together with unencrypted coarse information is bad practice, because it can expose the information to a partial plaintext attack.) The regulator certificate 500 and the associated location information are sent to the database manager encrypted with the TVBD unique communication key, so that even the rough position information about the device is protected against eavesdropping on the communication channel.
Fig. 6 shows an embodiment of the structure of the information sent to the logger/manager for registration or a database query. The message 600 includes a message header 602 and checksum 604, along with other overhead appropriate to the communication protocol (for example, the Point-to-Point Protocol (PPP)). The message 600 also includes the FCC ID 122 and identification number 206 of the TVBD and the manufacturer certificate 200. This embodiment does not require encryption to be applied to these elements, but other link encryption unrelated to these embodiments (for example, TLS) can be applied to the message 600. The message 600 also includes the TVBD position rough part 606, the TVBD regulator certificate 500, the business information 608 and the position fine part 610. The business information 608 and the position fine part 610 are encrypted with the TVBD's regulator communication key. The TVBD position rough part 606, the TVBD regulator certificate 500, the business information 608 and the position fine part 610 are encrypted with the TVBD unique communication key. As described above, the logger/database manager can decrypt the position part to determine the availability of TVWS channels. The message, including the identification information 122 and 206, the manufacturer certificate 200, the regulator certificate 500 and the encrypted location information and business information 608, is stored as a record in the store. As described below, the manager can also store the network address (for example, IP address) of the TVBD to allow future communication with the TVBD.
The message 600 can also include an optional transaction number 612 encrypted with the TVBD unique communication key. In some embodiments, this number 612 can be incremented for each communication transaction to protect the communication system against "replay attacks". (In a replay attack, a spoofing device in the network "replays" to the recipient a message it overheard earlier. Sometimes the replay has an altered header and return address in an attempt to trick the recipient into responding to the spoofing device with information. Sometimes the replay is a variant of a "denial of service" attack, because it floods the recipient with queries that appear valid.) Including a transaction counter helps the recipient discard invalid messages quickly. That is, the database manager expects to see an incrementing number in this field for each valid message the TVBD sends.
In some configurations, this counter 612 can also be used to distinguish the initial registration message from channel query messages. The first message (with the first transaction number) would be the device's initial registration with the database. Subsequent messages with other transaction numbers would be database queries. For these subsequent messages, the database manager does not need to update its store with information about a fixed device, because the device has already registered.
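The two-part location encoding, the two key layers of message 600 and the incrementing transaction number 612 described in the preceding paragraphs can be exercised together as follows. This is an added example, not code from the patent: the `seal`/`unseal` helper is a stand-in built from HMAC-SHA256 for whatever cipher the certificate's cipher type names, and the 0.01-degree coarse grid, the field names, a counter that starts at 1, and keys already recovered from certificates 200 and 500 are all assumptions.

```python
import hashlib
import hmac
import os
import struct

COARSE_UNIT = 10_000  # micro-degrees per coarse cell (0.01 degree): an assumed grid size


def _keystream(key, nonce, n):
    blocks = (hmac.new(key, b"ks" + nonce + struct.pack(">I", i), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def seal(key, plaintext):
    """Stand-in authenticated cipher: HMAC-SHA256 keystream plus an HMAC tag."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()


def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or corrupted field")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


def build_message(fcc_id, ident, lat_udeg, lon_udeg, txn, comm_key, regulator_key):
    """Device side: the location and transaction fields of message 600."""
    c_lat, f_lat = divmod(lat_udeg, COARSE_UNIT)   # most / least significant part
    c_lon, f_lon = divmod(lon_udeg, COARSE_UNIT)
    fine = seal(regulator_key, struct.pack(">ii", f_lat, f_lon))
    return {
        "fcc_id": fcc_id, "ident": ident,                # identifiers sent unencrypted
        "coarse": seal(comm_key, struct.pack(">ii", c_lat, c_lon)),
        "fine": seal(comm_key, fine),                    # regulator layer inside device layer
        "txn": seal(comm_key, struct.pack(">Q", txn)),   # transaction number 612
    }


class DatabaseManager:
    """Holds only what the manager can read: coarse cell and last transaction number."""

    def __init__(self):
        self.last_txn = {}   # device -> highest transaction number accepted
        self.records = {}    # device -> stored registration record

    def handle(self, msg, comm_key):
        # comm_key is assumed to have been recovered from the manufacturer certificate.
        device = (msg["fcc_id"], msg["ident"])
        try:
            (txn,) = struct.unpack(">Q", unseal(comm_key, msg["txn"]))
            coarse = struct.unpack(">ii", unseal(comm_key, msg["coarse"]))
            fine_sealed = unseal(comm_key, msg["fine"])
        except (ValueError, struct.error):
            return "rejected-invalid"
        if txn <= self.last_txn.get(device, 0):
            return "rejected-replay"                     # number did not increase
        kind = "query" if device in self.last_txn else "registration"
        self.last_txn[device] = txn
        if kind == "registration":                       # queries leave the record as is
            self.records[device] = {"coarse": coarse, "fine_sealed": fine_sealed}
        return kind


def regulator_locate(record, regulator_key):
    """Regulator side: rejoin the coarse cell with the fine part only it can open."""
    f_lat, f_lon = struct.unpack(">ii", unseal(regulator_key, record["fine_sealed"]))
    c_lat, c_lon = record["coarse"]
    return c_lat * COARSE_UNIT + f_lat, c_lon * COARSE_UNIT + f_lon


def demo():
    comm_key, regulator_key = os.urandom(32), os.urandom(32)   # constructed keys
    manager = DatabaseManager()
    # Constructed coordinates in micro-degrees; the identifiers are placeholders.
    args = ("FCC-ID-PLACEHOLDER", "SERIAL-0001", 40_748_817, -73_985_428)
    first = build_message(*args, 1, comm_key, regulator_key)
    results = [manager.handle(first, comm_key),
               manager.handle(first, comm_key),          # replayed capture
               manager.handle(build_message(*args, 2, comm_key, regulator_key), comm_key)]
    record = manager.records[args[:2]]
    return results, record["coarse"], regulator_locate(record, regulator_key)


if __name__ == "__main__":
    print(demo())
```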
In an embodiment, if interference needs to be eliminated, the logger/database manager sends the regulator the complete records of the devices near the suspected position. Fig. 7 shows such a message 700. The message 700 has a structure similar to the registration message 600 of Fig. 6, with a message header 602 and checksum 604 suited to the communication protocol (for example, PPP). The message content includes a message ID 702, a manager certificate 800 (described with reference to Fig. 8) and information about the one or more devices being reported from the registration store. In these messages 700, the information about the TVBDs is encrypted with the manager unique communication key, and the business information 608 and detailed position 610 are additionally encrypted with each TVBD's unique regulator communication key. This and other messages can include additional fields not described in this disclosure.
Fig. 8 shows an embodiment of the manager certificate 800, which has a structure similar to the manufacturer certificate 200 of Fig. 2 and the regulator certificate 500 of Fig. 5. The configuration of Fig. 8 shows a certificate 800 that is formed by encrypting device information and is similar to the certificate 200 of Fig. 2. An alternative arrangement using a signature process similar to that of Fig. 3 can be used to shorten messages and reduce the storage requirement for the manager certificate 800.
With this database query method, location and business information can be protected from disclosure to the database manager while still being available when the regulator needs it to eliminate interference. Users can therefore operate in TVWS channels without concern that interacting with the database will compromise the security of their commercial interests.
In some jurisdictions (for example, the EU), the regulator or network operator may require devices to comply with regulations at all times, even when operation requires information from an external database. Such operation can include use of licensed channels within the provider's domain, or a combination of licensed or unlicensed channels in multiple domains. The embodiments outlined here enable a device to query an external database and receive operating information in a manner that is secure and that assures the information received comes from an authorized database. The embodiments can therefore keep a device compliant by having it operate only on information from an authorized database.
In some instances, the regulator may require that all devices of a certain type (for example, with a specified FCC ID and identification number range) be prohibited from using TVWS channels. This can happen because the devices are involved in an interference condition. This scenario is readily handled by the method and apparatus of these embodiments. To disable a TVBD, the logger/database manager can send the TVBD a message, encrypted with the device's unique communication key, indicating that no TVWS channels are available. On receiving this message, the TVBD decrypts it and verifies that it comes from the authorized database manager. Since no channel is indicated as available, the TVBD will stop operating in TVWS channels. This restriction message can be sent in response to a channel query made by the TVBD (for example, as part of its regular 24-hour query), or it can be sent as a directed message to the TVBD. Note that to send a message to the TVBD, the database manager needs to know the TVBD's address (for example, IP address). It can learn this address when the TVBD makes its regular 24-hour update or another request. To be able to send a directed message to the TVBD, the database manager can also record the TVBD's network address from its most recent query. On receiving a message indicating that no channels are available, the TVBD will stop operating in TVWS channels.
Fig. 9 is a diagram of an embodiment 900 of a method by which a device and a logger/database authenticate each other, and of the sequence of events by which the logger/database provides a channel assignment to the device. The method uses messages exchanged between the TVBD, the database manager and the logger. These messages can be exchanged using any standard method. For example, EAP can be used to carry identities and certificates between the TVBD and the logger/database manager. For example, generic EAP-TLS can be extended to include signaling support for the certificate exchange and the verification method used here. Note that this embodiment differs from EAP-TLS as defined in that the method does not require the TVBD to hold the private key associated with a client certificate, and is therefore more secure, less computationally intensive and lower in cost.
With this embodiment, the TVBD does not need to know the private key associated with the certificate, nor does it need to perform the encryption functions that using such a key would require. A process such as Transport Layer Security (TLS) can be used together with these embodiments to set up a secure communication channel between the TVBD and the logger/database manager, and the messages of these embodiments can be exchanged over that channel. However, one of the advantages of these embodiments is that such a secure channel is not needed to obtain the value described here. This is an important security advantage and cost saving.
Preferably, the manufacturer certificate installed in a device is unique to each TVBD. Preferably, therefore, the TVBD communication key is a unique (for example, random) field for each TVBD. Although the uniqueness of the certificate could arguably be achieved by using a manufacturing counter or a unique device serial number, this is not a desirable choice, because such numbers could be predicted from the device ID and identification number, which could enable a "known plaintext attack" on the certificate that recovers the manufacturer private key and thus allows cloned certificates to be generated.
Fig. 10 shows an overview of an embodiment of the message sequence, from the TVBD 112 authenticating to the database manager 104 through to the database manager 104 establishing a registration or responding to the TVBD 112 with channel information. In this embodiment, at block 1010, the TVBD 112 makes a registration or channel availability query by formulating a message, for example using the manufacturer certificate and its encrypted location/business information (as shown in Fig. 6). More specifically, the TVBD 112 encrypts its position with its TVBD device key and encrypts its detailed position and business information with the regulator communication key. The TVBD 112 then sends the message to the database manager 104 using the communication network and a suitable messaging protocol established between the TVBD 112 and the database manager 104.
At block 1020, the database manager 104 receives the message from the TVBD 112 and uses its copy of the manufacturer public key to verify the device ID in the manufacturer certificate. The database manager 104 then uses its private key to decrypt the hidden TVBD device key from the manufacturer certificate. The database manager 104 knows that the message and the device query are valid, because they were recovered using the manufacturer public key. The database manager 104 then uses the TVBD device key to recover the TVBD position, the regulator certificate and the encrypted business information, and stores the location information and the encrypted business information in its store. The TVBD's private business information is safe in the database manager's store, because it is protected by the regulator communication key supplied by the TVBD 112 and hidden in the regulator certificate. The database manager 104 uses the TVBD position to determine the list of white space channels available to the TVBD 112. The database manager 104 then encrypts the channel availability information with the TVBD device key and sends the encrypted channel availability information to the TVBD 112 in a message.
At block 1030, the TVBD 112 receives the message from the database manager 104 and decrypts the channel list with its device key. The TVBD 112 is now registered and has a valid channel list for its position. The TVBD 112 knows that the message and the channel assignment are valid, because the information was encrypted with the TVBD device key hidden in the initial certificate.
The same verification process can be used for registered database queries, but in some embodiments the TVBD can access the database using a registration certificate issued by the logger. This registration certificate may have the same message structure as the manufacturer certificate but can include a new unique communication key, and it can be used by the TVBD when it re-queries the database for channel assignments.
The device database manager can use the same mechanism to establish a new certificate for the TVBD (this can result, for example, in a single manufacturer certificate with a certificate for each database manager, or a certificate for each of multiple managers). In one scenario, the logger/database manager can assign the TVBD a new certificate and communication key upon registration. The TVBD will then use this new certificate and key pair for its queries to the database manager for TVWS channels. The new certificate and communication key are sent to the TVBD encrypted with the TVBD unique communication key.
This embodiment minimizes the number of messages exchanged between the TVBD and the database manager. Most registrations and queries can be completed with one message from the TVBD to the manager and one response from the manager to the TVBD. This minimizes database operating costs and communication costs on the network. The option of setting up a new session key for communication may be used only when the communication key is to be changed because of a change in security relationship, or when longer message exchanges (such as database updates) are expected.
The embodiments disclosed herein can relieve the database manager of the need to maintain a list of keys for a large number of devices, because each device reports its certificate with each query, and that certificate contains the necessary unique device communication key. The embodiments can also reduce the need for complex cryptographic processing (for example, public-key encryption) to be performed in the device. That is, the TVBD does not need to perform public-key exponentiation, because the manufacturer certificate is precomputed by the manufacturer and installed in the TVBD. There is no need for a separate public/private key pair for each device, because the device can use the existing communication processing with the logger/database manager to encrypt and decrypt communications. The secret key shared between the TVBD and the manager is conveyed by the pre-stored certificate, which contains the pre-stored device key, itself encrypted with the manager public key. The embodiments also allow the TVBD's position and business information to be encrypted and thereby protected against eavesdropping on the communication channel.
The devices described above can include a processing component capable of executing instructions related to the actions described above. Fig. 11 shows an example of a system 1300 that includes a processing component 1310 suitable for implementing one or more embodiments disclosed herein. In addition to the processor 1310 (which may be referred to as a central processing unit or CPU), the system 1300 can include a network access device 1320, random access memory (RAM) 1330, read-only memory (ROM) 1340, additional storage 1350 and input/output (I/O) devices 1360. These components can communicate with one another via a bus 1370. In some cases, some of these components may not be present, or may be combined in various ways with one another or with other components not shown. These components may be located in a single physical entity or in more than one physical entity. Any action described herein as being taken by the processor 1310 may be taken by the processor 1310 alone, or by the processor 1310 in conjunction with one or more components shown or not shown in the figure (for example, a digital signal processor (DSP) 1380). Although the DSP 1380 is shown as a separate component, the DSP 1380 may also be incorporated into the processor 1310.
The processor 1310 executes instructions, code, computer programs or scripts that it can access from the network access device 1320, the RAM 1330, the ROM 1340 or the additional storage 1350 (which can include various disk-based systems, such as hard disk, floppy disk or optical disc). Although only one CPU 1310 is shown, multiple processors may be present. Thus, although instructions may be described as being executed by a processor, the instructions may be executed simultaneously, serially or otherwise by one or more processors. The processor 1310 may be implemented as one or more CPU chips.
The network access device 1320 can take the form of modems, modem banks, Ethernet devices, universal serial bus (USB) interface devices, serial interfaces, token ring devices, fiber distributed data interface (FDDI) devices, wireless local area network (WLAN) devices, radio transceiver devices (such as code division multiple access (CDMA) devices, global system for mobile communications (GSM) radio transceiver devices and Worldwide Interoperability for Microwave Access (WiMAX) devices), digital subscriber line (xDSL) devices, Data Over Cable Service Interface Specification (DOCSIS) modems and/or other well-known devices for connecting to networks. These network connection devices 1320 can enable the processor 1310 to communicate with the Internet, with one or more telecommunications networks, or with other networks from which the processor 1310 can receive information or to which the processor 1310 can output information.
The network access device 1320 can also include one or more transceiver components 1325 capable of transmitting and/or receiving data wirelessly on multiple antennas in the form of electromagnetic waves (such as radio frequency signals or microwave frequency signals). Alternatively, the data can propagate in or on the surface of electrical conductors, in coaxial cables, in waveguides, in optical media such as optical fiber, or in other media. The transceiver component 1325 can include separate receiving and transmitting units or a single transceiver. Information sent or received by the transceiver component 1325 can include data that has been processed by the processor 1310 or instructions to be executed by the processor 1310. Such information can be received from and output to a network in the form of, for example, a computer data baseband signal or a signal embodied in a carrier wave. The data can be ordered in different sequences as required for processing or generating the data or for transmitting or receiving the data. The baseband signal, the signal embodied in the carrier wave, or other types of signals currently used or developed in the future can be referred to as the transmission medium and can be generated according to several methods well known to a person of ordinary skill in the art.
The RAM 1330 may be used to store volatile data and possibly to store instructions executed by the processor 1310. The ROM 1340 is a non-volatile memory device that typically has a smaller memory capacity than the additional storage 1350. The ROM 1340 may be used to store instructions and possibly data that is read during execution of the instructions. Access to both the RAM 1330 and the ROM 1340 is typically faster than access to the additional storage 1350. The additional storage 1350 typically comprises one or more disk drives or tape drives and may be used for non-volatile storage of data, or as an overflow data storage device when the RAM 1330 is not large enough to hold all working data. The additional storage 1350 may be used to store programs that are loaded into the RAM 1330 when such programs are selected for execution.
The I/O devices 1360 may include liquid crystal displays (LCDs), touch-screen displays, keyboards, keypads, switches, dials, mice, trackballs, voice recognizers, card readers, paper tape readers, printers, video monitors, or other well-known input/output devices. In addition, the transceiver 1325 may be regarded as a component of the I/O devices 1360 instead of, or in addition to, being a component of the network access device 1320.
In an embodiment, a method is provided for a telecommunication device and a database management component to authenticate each other. The method includes the device sending a first message to the database management component, the first message containing a communication key encrypted with a database management component key, and the first message further containing information related to the device, the information related to the device being encrypted with a manufacturer key. The method further includes the database management component decrypting the information related to the device using the manufacturer key. The method further includes the database management component decrypting the communication key using the database management component key. The method further includes the database management component considering the device legitimate when the decrypted information related to the device matches information in a database managed by the database management component. The method further includes the database management component encrypting a second message using the communication key. The method further includes the database management component sending the second message to the device. The method further includes the device considering the database management component legitimate when the device is able to decrypt the second message.
In another embodiment, a database management component is provided. The database management component includes a processor configured such that the database management component receives information related to a telecommunication device, the information related to the device being encrypted with a manufacturer key. The processor is further configured such that the database management component decrypts the information related to the device using the manufacturer key. The processor is further configured such that the database management component considers the device legitimate when the decrypted information related to the device matches information in a database managed by the database management component.
In another embodiment, a telecommunication device is provided. The telecommunication device includes a processor configured such that the device sends a first message to a database management component, the first message containing a communication key encrypted with a database management component key. The processor is further configured such that the device receives a second message from the database management component, the second message being encrypted with the communication key. The processor is further configured such that the device considers the database management component legitimate when the device is able to decrypt the second message.
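
The exchange summarized in the three embodiments above (method, database management component, telecommunication device), as an added example that is not taken from the patent. It assumes all three keys are symmetric and uses an HMAC-SHA256 encrypt-then-MAC construction as a stand-in cipher, because this passage names no algorithm; the function names, registry layout and device fields are hypothetical.

```python
import hashlib, hmac, json, secrets

def keystream(key, nonce, n):
    # HMAC-SHA256 in counter mode: stand-in keystream, not a vetted cipher
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    # Encrypt-then-MAC so that "can decrypt" means "holds the right key"
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    # Returns the plaintext, or None when the tag does not verify
    if len(blob) < 48:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None
    return bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct))))

def device_first_message(db_key, mfr_key, device_info):
    # Device side: fresh communication key under the database key,
    # device information under the manufacturer key
    comm_key = secrets.token_bytes(32)
    info = json.dumps(device_info, sort_keys=True).encode()
    return comm_key, {"comm_key": seal(db_key, comm_key), "device_info": seal(mfr_key, info)}

def database_reply(db_key, mfr_key, registry, msg):
    # Database side: decrypt both parts, match the device against its records,
    # then answer under the communication key; None means "not legitimate"
    info_raw = unseal(mfr_key, msg["device_info"])
    comm_key = unseal(db_key, msg["comm_key"])
    if info_raw is None or comm_key is None:
        return None
    info = json.loads(info_raw)
    if registry.get(info.get("device_id")) != info:
        return None
    return seal(comm_key, b"registration accepted")

def device_accepts(comm_key, second_message):
    # Device side: the database is legitimate only if its reply opens
    return second_message is not None and unseal(comm_key, second_message) is not None

# Constructed sample record; field names are hypothetical
SAMPLE_DEVICE = {"device_id": "EXAMPLE-0001", "serial": "SN-000123"}
```

The tag check is what gives "the device is able to decrypt the second message" its meaning: with an unauthenticated cipher any bytes decrypt to something, so neither side would learn that the other holds the right key.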
Although several embodiments have been provided in the present disclosure, it should be understood that the disclosed systems and methods may be embodied in many other specific forms without departing from the scope of the present disclosure. The described examples are to be considered illustrative and not restrictive, and the invention is not limited to the details given herein. For example, multiple units or components may be combined or integrated in another system, or certain features may be omitted or not implemented.
In addition, techniques, systems, subsystems, and methods described and illustrated in the various embodiments as discrete or separate may be combined or integrated with other systems, modules, techniques, or methods without departing from the scope of the present disclosure. Other items shown or described as coupled, directly coupled, or communicating with each other may be indirectly coupled or may communicate through some interface, device, or intermediate component, whether electrically, mechanically, or otherwise. Other examples of modifications, substitutions, and alterations can be ascertained by those skilled in the art and made without departing from the spirit and scope disclosed herein.